
SoylentNews is people

posted by janrinok on Sunday January 04 2015, @06:26PM
from the you-might-have-paid,-but-it's-not-your-computer dept.

Over at Hacker News is a link to a discussion of how the Intel Management Engine (ME) prevents screenshots by bypassing the host CPU.

If you're on an Intel machine that you've purchased in the past 2-3 years, that computer almost certainly has an Intel Management Engine. You might not know what that is, and that's okay. You may also be unaware that the operating system on your computer could be leveraging features in the Intel Management Engine when consuming DRM Media.

This links to a blog post on the Intel ME, written in response to Rosyna Keller's Twitter post about being unable to take screenshots from Netflix (the Rosyna of the article title).

The core of the technical detail is taken from Igor Skochinsky's presentation on the ME (PDF link). The article raises questions about the position of the ME in the system and the security implications of the ME subverting the host machine's hardware outside of the main processor:

Given that the ME sits in a position where it can configure the chipset and operate on the PCI bus, there are some serious security implications here I wish I could mitigate. Among them is the ability of the ME to run arbitrary code on the host CPU via option ROMs or presenting a disk-drive to boot from. Also among those abilities is the possibility to perform DMA to access host CPU memory. And another one is the ability to configure and use PCI devices present in the system (such as the ethernet card).

 
  • (Score: 0) by Anonymous Coward on Sunday January 04 2015, @06:46PM (#131633)

    PCI-e is a point-point interconnect. How exactly do you insert this in the path?